Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. (096327a9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,11 @@

		Changes between 0.9.8s and 0.9.8t [xx XXX xxxx]

		*)
		*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
		Thanks to Antonio Martin, Enterprise Secure Access Research and
		Development, Cisco Systems, Inc. for discovering this bug and
		preparing a fix. (CVE-2012-0050)
		[Antonio Martin]

		Changes between 0.9.8r and 0.9.8s [4 Jan 2012]

+7 −10

Original line number	Diff line number	Diff line
		@@ -336,6 +336,7 @@ dtls1_process_record(SSL *s)
		unsigned int mac_size;
		unsigned char md[EVP_MAX_MD_SIZE];
		int decryption_failed_or_bad_record_mac = 0;
		unsigned char *mac = NULL;


		rr= &(s->s3->rrec);
		@@ -403,19 +404,15 @@ if ( (sess == NULL) \|\|
		#endif
		}
		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
		if (rr->length < mac_size)
		if (rr->length >= mac_size)
		{
		#if 0 /* OK only for stream ciphers */
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
		goto f_err;
		#else
		decryption_failed_or_bad_record_mac = 1;
		#endif
		}
		rr->length -= mac_size;
		mac = &rr->data[rr->length];
		}
		else
		rr->length = 0;
		s->method->ssl3_enc->mac(s,md,0);
		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
		if (mac == NULL \|\| memcmp(md, mac, mac_size) != 0)
		{
		decryption_failed_or_bad_record_mac = 1;
		}